To control access to information or physical facilities, users may be asked to verify their identity or authorization. To gain access, a user may be required to provide password, key, biometric scan, or other token. Authentication of a user may be performed using information about the user that was previously enrolled in an access control system.